编辑虚拟主机配置文件
[root@cp1 ~]# cd /usr/local/nginx/conf/vhosts/
[root@cp1 vhosts]# vim test.conf
将用户认证换成访问控制,白名单为本机
server
{
listen 80;
server_name www.test.com www.aaa.com www.bbb.com;
if ($host != 'www.test.com')
{
rewrite ^/(.*)$ http://www.test.com/$1 permanent;
}
index index.html index.htm index.php;
root /data/www;
access_log /tmp/access.log combined_realip;
location ~ .*admin\.php$ {
#auth_basic "aminglinux auth";
#auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
allow 127.0.0.1;
deny all;
include fastcgi_params;
fastcgi_pass unix:/tmp/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}
……
检查配置后重新加载
[root@cp1 vhosts]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@cp1 vhosts]# /usr/local/nginx/sbin/nginx -s reload
测试127.0.0.1访问admin.php,可以访问
[root@cp1 vhosts]# curl -x127.0.0.1:80 www.test.com/admin.php -I
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Fri, 24 Feb 2017 21:43:49 GMT
Content-Type: text/html; charset=gbk
Connection: keep-alive
X-Powered-By: PHP/5.4.37
Set-Cookie: rpEn_2132_saltkey=PVI1duy8; expires=Sun, 26-Mar-2017 21:43:49 GMT; path=/; httponly
Set-Cookie: rpEn_2132_lastvisit=1487969029; expires=Sun, 26-Mar-2017 21:43:49 GMT; path=/
Set-Cookie: rpEn_2132_sid=m4nHf0; expires=Sat, 25-Feb-2017 21:43:49 GMT; path=/
Set-Cookie: rpEn_2132_lastact=1487972629%09admin.php%09; expires=Sat, 25-Feb-2017 21:43:49 GMT; path=/
测试192.168.147.137访问admin.php,禁止访问
[root@cp1 vhosts]# curl -x192.168.147.137:80 www.test.com/admin.php -I
HTTP/1.1 403 Forbidden
Server: nginx/1.6.2
Date: Fri, 24 Feb 2017 21:44:28 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
测试192.168.147.137访问forum.php,正常访问
[root@cp1 vhosts]# curl -x192.168.147.137:80 www.test.com/forum.php -I
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Fri, 24 Feb 2017 21:45:19 GMT
Content-Type: text/html; charset=gbk
Connection: keep-alive
X-Powered-By: PHP/5.4.37
Set-Cookie: rpEn_2132_saltkey=iX99yxiD; expires=Sun, 26-Mar-2017 21:45:19 GMT; path=/; httponly
Set-Cookie: rpEn_2132_lastvisit=1487969119; expires=Sun, 26-Mar-2017 21:45:19 GMT; path=/
Set-Cookie: rpEn_2132_sid=cO4487; expires=Sat, 25-Feb-2017 21:45:19 GMT; path=/
Set-Cookie: rpEn_2132_lastact=1487972719%09forum.php%09; expires=Sat, 25-Feb-2017 21:45:19 GMT; path=/
Set-Cookie: rpEn_2132_onlineusernum=1; expires=Fri, 24-Feb-2017 21:50:19 GMT; path=/
Set-Cookie: rpEn_2132_sid=cO4487; expires=Sat, 25-Feb-2017 21:45:19 GMT; path=/
浏览器测试,禁止访问
全局设置:这里只为了测试:如禁止本机访问网站,禁止该网段访问网站
server
{
listen 80;
server_name www.test.com www.aaa.com www.bbb.com;
if ($host != 'www.test.com')
{
rewrite ^/(.*)$ http://www.test.com/$1 permanent;
}
index index.html index.htm index.php;
root /data/www;
access_log /tmp/access.log combined_realip;
deny 127.0.0.1;
deny 192.168.147.0/24;
location ~ .*admin\.php$ {
#auth_basic "aminglinux auth";
#auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
allow 127.0.0.1;
deny all;
include fastcgi_params;
fastcgi_pass unix:/tmp/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}
……
检查配置后重新加载
[root@cp1 vhosts]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@cp1 vhosts]# /usr/local/nginx/sbin/nginx -s reload
访问全部被禁止:
[root@cp1 vhosts]# curl -x127.0.0.1:80 www.test.com -I
HTTP/1.1 403 Forbidden
Server: nginx/1.6.2
Date: Fri, 24 Feb 2017 21:51:33 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
[root@cp1 vhosts]# curl -x192.168.147.137:80 www.test.com -I
HTTP/1.1 403 Forbidden
Server: nginx/1.6.2
Date: Fri, 24 Feb 2017 21:51:51 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
[root@cp1 vhosts]# curl -x192.168.147.137:80 www.test.com/admin.php -I
HTTP/1.1 403 Forbidden
Server: nginx/1.6.2
Date: Fri, 24 Feb 2017 21:52:00 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
